ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam
Go to Exam

Exam CS0-003 topic 1 question 295 discussion

Actual exam question from CompTIA's CS0-003
Question #: 295
Topic #: 1
[All CS0-003 Questions]

A SOC receives several alerts indicating user accounts are connecting to the company’s identity provider through non-secure communications. User credentials for accessing sensitive, business-critical systems could be exposed. Which of the following logs should the SOC use when determining malicious intent?

  • A. DNS
  • B. tcpdump
  • C. Directory
  • D. IDS
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by ChopSNap at Nov. 19, 2024, 4:31 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
linkmonkey239
Highly Voted 5 months, 2 weeks ago
Selected Answer: B
tcpdump. The keyword is "non-secured communication". tcpdump allows you to analyze the "malicious intent" over a "non-secured communication" as the traffic is readable.
upvoted 9 times
...
Susan4041
Most Recent 3 weeks, 2 days ago
Selected Answer: C
Why would you not check Directory these are user accounts
upvoted 1 times
...
zecomeia_007
5 months, 2 weeks ago
Selected Answer: D
D. IDS (Intrusion Detection System) logs IDS logs are specifically designed to detect and log potentially malicious activity.
upvoted 3 times
...
Cimoooooo
5 months, 2 weeks ago
D - IDS. Best choice for detecting Malicious activity.
upvoted 4 times
...
ChopSNap
5 months, 3 weeks ago
Selected Answer: D
D. IDS An Intrusion Detection System (IDS) is designed to monitor network traffic for malicious activity. In this case, an IDS can detect non-secure connections to the identity provider, potentially indicating malicious intent. By analyzing the traffic patterns, the IDS can provide valuable insights into the nature of the attack, such as the source IP address, the affected user accounts, and the specific vulnerabilities exploited. While DNS, tcpdump, and directory logs can provide useful information, they are not specifically designed to detect malicious intent. DNS logs can show domain resolution, tcpdump can capture network traffic, and directory logs can show user authentication attempts, but they may not provide the level of context and threat intelligence that an IDS can offer.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago